This document is a collection of hypothetical network configurations using the SunScreen firewall. The examples are real-life examples that use the following features of this product:
Remote administration of a Screen using an Administration Station. The administration GUI runs on the Administration Station but the configuration files it uses are stored on the Screen. One Administration Station can manage any number of Screens that have the access rules defined to grant administrative access.
SunScreen supports Network Address Translation (NAT) and this manual contains an example of how you use both the STATIC and DYNAMIC NAT features with the firewall.
SunScreen has both Routing mode, which allows normal routing of traffic, and Stealth mode, which makes the firewall invisible to the outside world. You can also configure SunScreen in a mixed mode, where one interface of the firewall is stealth and the other interfaces are routing. Examples using all three of these modes are included in this manual.
SunScreen allows you to set up Virtual Private Networks (VPNs). This manual provides three examples that use encryption with Packet Filtering and VPN rules. The examples use both SKIP and IKE.
The High Availability (HA) feature lets you use a redundant machine to mirror all network traffic and firewall configurations. Should the active machine in the HA configuration fail for any reason, the passive partner takes over, providing uninterrupted operation.
The Centralized Management Group feature enables you to connect to one Screen that is designated as the primary Screen. You can manipulate policy there, and then push that changed policy to secondary Screens.
Proxies allow for authentication of users before they access supported services. This manual includes a proxy example of a Screen supporting FTP, telnet, and HTTP proxies.
SunScreen 3.2 systems and Windows 2000 systems can interoperate using the IPSec IKE protocol. This manual provides you with the information you need to know to make this feature work properly.
While this manual contains detailed examples of how you might use SunScreen's features, it is beyond the scope of this manual to suggest any particular security policies.
To determine the policy you want to implement, you should first:
Identify your own security requirements for protecting the integrity and accessibility of your corporate data and computer resources.
Determine the services you want to support at your site for employees and customers.
Define the layout for your network and then configure SunScreen to implement this policy.